Date:      Thu, 07 Sep 2000 20:59:18 -0600
From:      Warner Losh <imp@village.org>
To:        "John Doh!" <johndoh_@hotmail.com>
Cc:        security@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: How to stop problems from printf 
Message-ID:  <200009080259.UAA50393@harmony.village.org>
In-Reply-To: Your message of "Thu, 07 Sep 2000 18:27:57 +0700." <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com> 
References:  <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com>  

In message <F159yCTr9rf3yXvEbjk00001dc1@hotmail.com> "John Doh!" writes:
: Issue is must be getting format string from "untrusted" place, but want to 
: limit substitution of %... to the substitution of say in example the 
: argv[0], but to not do others so that say given "usage: %s filename %p" %p 
: not interpret but to be print instead as literally so we get output of 
: (saying to be argv[0] as test just for example) usage: test filename %p
: 
: any hints you have I am very grateful for.

Fix gettext to only allow N arguments in the same order that the
original message had.

Warner
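
One way to apply the check suggested in the reply above to a format string before it is used, as an added example that is not from the thread and not gettext code: the untrusted format is accepted only if it consumes the same arguments, in the same order, as the trusted original. The names `fmt_signature`, `fmt_same_args` and `safe_usage` are hypothetical, and refusing `%n`, `*` and `%1$s` outright is a policy chosen for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Write the argument signature of fmt into sig: "%s and %5ld" -> "s,ld,".
 * Flags, width and precision are skipped; they do not change which argument
 * is fetched. Returns -1 for anything this sketch refuses: %n, '*',
 * "%1$s" positions, a stray trailing '%', or too many conversions. */
static int fmt_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t used = 0;
    const char *s = fmt;

    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }         /* "%%" takes no argument */
        s += strspn(s, "-+ #0");                  /* flags */
        s += strspn(s, "0123456789");             /* width */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789"); /* precision */
        size_t mod = strspn(s, "hlqjztL");        /* length modifier */
        if (s[mod] == '\0' || strchr("diouxXeEfgGcsp", s[mod]) == NULL)
            return -1;
        if (used + mod + 3 > siglen)              /* conv + ',' + NUL */
            return -1;
        memcpy(sig + used, s, mod + 1);           /* modifier + conversion */
        used += mod + 1;
        sig[used++] = ',';
        s += mod + 1;
    }
    sig[used] = '\0';
    return 0;
}

/* Return 1 only if cand consumes exactly the arguments that ref does. */
int fmt_same_args(const char *ref, const char *cand)
{
    char a[64], b[64];
    if (fmt_signature(ref, a, sizeof a) != 0) return 0;
    if (fmt_signature(cand, b, sizeof b) != 0) return 0;
    return strcmp(a, b) == 0;
}

/* Use the untrusted format only when it matches; else use the original. */
int safe_usage(char *out, size_t n, const char *untrusted, const char *prog)
{
    static const char trusted[] = "usage: %s filename\n";
    const char *fmt = fmt_same_args(trusted, untrusted) ? untrusted : trusted;
    return snprintf(out, n, fmt, prog);
}
```

With this check the format from the question, "usage: %s filename %p", is rejected and the trusted message is printed in its place; it is not printed with a literal %p.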

